在服务器上部署一些服务

个人使用的是腾讯云的轻量服务器,系统镜像选择的是 Debian 11,搭建的服务有 博客 HUGO 、私有网盘 Nextcloud 以及 Git服务器 GitLab

目前使用的是 Debian GNU/Linux 11 (bullseye) 搭建服务器,当然用的是 fish 作为 shell

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
bash -c "cat <<- EOF | sudo tee /etc/apt/sources.list
deb https://mirrors.ustc.edu.cn/debian/ bullseye main contrib non-free
deb https://mirrors.ustc.edu.cn/debian/ bullseye-updates main contrib non-free
deb https://mirrors.ustc.edu.cn/debian/ bullseye-backports main contrib non-free
deb https://mirrors.ustc.edu.cn/debian-security bullseye-security main contrib non-free

# deb-src https://mirrors.ustc.edu.cn/debian/ bullseye main contrib non-free
# deb-src https://mirrors.ustc.edu.cn/debian/ bullseye-updates main contrib non-free
# deb-src https://mirrors.ustc.edu.cn/debian/ bullseye-backports main contrib non-free
# deb-src https://mirrors.ustc.edu.cn/debian-security bullseye-security main contrib non-free
EOF"
sudo apt update -y && sudo apt upgrade -y

一下服务搭建时,域名统一使用 example.com,请根据自己的情况修改对应的配置,用到一些基础依赖请自行安装

  • Nginx
  • Git
  • PHP
  • PostgreSQL
  • Redis

Nextcloud 是 ownCloud 项目的一个分支,一个开源的私有云盘应用,官方提供了包括 桌面以及移动系统的客户端。

定义一些变量

1
2
3
4
5
6
7
set fpm_path /etc/php/7.4/fpm
set nextcloud_version 23.0.4
set nextcloud_path /path/to/nextcloud
set nextcloud_host example.com
set nextcloud_db_user nextcloud
set nextcloud_db_passwd YourPassword
set nextcloud_db_name nextcloud

Nextcloud 依赖 PHP 运行时以及数据库 (MySQL 5.7+ / MariaDB 10.2+ 或 PostgreSQL)

1
2
3
4
apt install -y nginx postgresql \
    php php-fpm php-cli php-mysql php-pgsql php-sqlite3 php-redis \
    php-apcu php-memcached php-bcmath php-intl php-mbstring php-json php-xml \
    php-curl php-imagick php-gd php-zip php-gmp php-ctype php-dom php-iconv
PHP
修改 php-fpm 的配置文件
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
cd $fpm_path
# php config
sed -i "s/memory_limit = .*/memory_limit = 512M/" php.ini
sed -i "s/;date.timezone.*/date.timezone = UTC/" php.ini
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=1/" php.ini
sed -i "s/upload_max_filesize = .*/upload_max_filesize = 4096M/" php.ini
sed -i "s/post_max_size = .*/post_max_size = 4096M/" php.ini
sed -i "s/max_input_time = .*/max_input_time = 480/" php.ini
sed -i "s/max_execution_time = .*/max_execution_time = 360/" php.ini
sed -i "s/pm.max_children = .*/pm.max_children = 32/" pool.d/www.conf
sed -i "s/pm.min_spare_servers = .*/pm.min_spare_servers = 1/" pool.d/www.conf
sed -i "s/pm.max_spare_servers = .*/pm.max_spare_servers = 8/" pool.d/www.conf
sed -i "s/pm.start_servers = .*/pm.start_servers = 4/" pool.d/www.conf
sed -i "s/;clear_env = no/clear_env = no/" pool.d/www.conf
# opcache config
sed -i "s/;opcache.enable=1/opcache.enable=1/" php.ini
sed -i "s/;opcache.memory_consumption=128/opcache.memory_consumption=128/" php.ini
sed -i "s/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/" php.ini
sed -i "s/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/" php.ini
sed -i "s/;opcache.revalidate_freq=2/opcache.revalidate_freq=1/" php.ini
# apc config
bash -c "cat <<-EOF | sudo tee -a php.ini
[apc]
apc.cache_by_default = on
apc.enable_cli = on
apc.enable = on
apc.file_update_protection = 2
EOF"
echo "apc.enable_cli=on" |sudo tee -a /etc/php/7.4/cli/conf.d/20-apcu.ini
# restart
systemctl restart php7.4-fpm
PostgreSQL
创建用户 nextcloud 和数据库 nextcloud_db
1
2
3
sudo useradd $nextcloud_db_user --create-home --shell /sbin/nologin
sudo -u postgres -H psql -c "CREATE USER $nextcloud_db_user WITH PASSWORD '$nextcloud_db_passwd'"
sudo -u postgres -H psql -c "CREATE DATABASE $nextcloud_db_name OWNER $nextcloud_db_user"
Nginxm
配置网站,修改 官方示例配置文件 并保存在 /etc/nginx/sites-available/nextcloud
1
2
ln -sf /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/
systemctl restart nginx

下载 你需要的版本并解压到目录中

1
2
3
4
sudo -E wget https://download.nextcloud.com/server/releases/nextcloud-"$nextcloud_version".tar.bz2
sudo mkdir -p $nextcloud_path
sudo tar -jxvf nextcloud-"$nextcloud_version".tar.bz2 -C $nextcloud_path
sudo chown -R www-data:www-data $nextcloud_path

准备工作完成后,进入网页,设置管理员帐号和数据库。

配置邮箱服务器前需要先修改nextcloud的代码,如下

1
2
3
4
5
cd /path/to/nextcloud
sed -i \
    "s/\$streamContext = .*;/\$streamContext = stream_context_create(array('ssl'=>['verify_peer'=>false, 'verify_peer_name'=>false, 'allow_self_signed'=>true]));/" \
    3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php
systemctl restart php7.4-fpm

登录管理员帐号进行邮箱服务器配置即可

字段
发送模式 SMTP
加密 SSL/TLS
来自地址 noreply@example.com
认证方式 登录
需要认证 true
服务器地址 mail.example.com:465
证书 noreply@example.com
密码 YourPassword

优化最常见的手段是添加缓存,这里是在配置文件中添加 Redis (uds) 和 APCu 支持

1
2
3
4
5
6
7
8
9
  'memcache.local' => '\OC\Memcache\APCu',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => [
    'host'     => '/var/run/redis/redis.sock',
    'port'     => 0,
    'dbindex'  => 0,
    'timeout'  => 2,
  ],

还有就是开启缩略图,比如最大只有 512x512 的缩略图,可以提高访问速度,但是访问可能体验极差,毕竟点开图片你就给我看这个

1
2
3
4
  'enable_previews' => true,
  'preview_max_x' => 512,
  'preview_max_y' => 512,
  'preview_max_scale_factor' => 1,

至于默认的 JPEG 质量是 90,有点高的话,你可以用以下命令调低 (比如到 60)

1
occ config:app:set preview jpeg_quality --value="60"

上传大文件的话,可以看看官方的相关文档

Nextcloud 不仅自带了很多功能,也提供了插件用于扩展功能,官方称作 Apps,以下个人推荐一些插件,欢迎补充

Announcement center
公告发布
Registration
注册功能
File access control
文件访问控制,可以添加规则来控制管理用户对文件的操作,参见 工作流
Music
音乐播放器
Full text search
全文搜索

GitLab 是开源的基于git的 web DevOps生命周期工具,提供了Git仓库问题追踪CI/CD等功能。分为社区版和企业版,使用相同内核,部分功能社区版没有提供。 Gitlab 相较消耗资源,官方推荐的最低要求为 4C4G 可以最多支持500用户, 8C8G 最多支持1000用户,具体的使用受到用户的活跃程度CI/CD修改大小等因素影响。

由于暂时不需要,没有安装 Gitlab Pages,Gitlab的安装依赖 git 用户,以下是目录结构

1
2
3
4
5
6
7
/home/git
├── gitaly
├── gitlab
├── gitlab-shell
├── gitlab-workhorse
├── go
└── repositories
Gitaly
处理所有的 git 操作
GitLab Shell
处理基于 SSH 的 git 会话 与 SSH密钥
GitLab Workhorse
反向代理服务器,处理与Rails无关的请求,Git Pull/Push 请求 和 到Rails的连接,减轻Web服务的压力,帮助整体加快Gitlab的速度
Unicorn / Puma
Gitlab 自身的 Web 服务器,提供面向用户的功能,Gitlab 13.0 起默认使用 Puma
Sidekiq
后台任务服务器,从Redis队列中提取任务并进行处理
GitLab Pages
允许直接从仓库发布静态网站
Gitlab Runner
Gitlab CI/CD 所关联的任务处理器
Nginx
Web 服务器
PostgreSQL
数据库

目前Gitlab最新版本为 v14.8 ,下列表是部分依赖,细明详见 安装最低要求

Software Minimum Version Notes
Ruby 2.7 自 GitLab 13.6 起最低要求 v2.7,暂不支持 Ruby 3.0
GoLang 1.16
Node.js 12.22.1 GitLab 使用 webpack 编译前端资源,推荐使用 Node.js 14.x
yarn 1.22.x GitLab 使用 Yarn 管理 Js 依赖,暂不支持 Yarn 2
Redis 4.0 GitLab 13.0 起最低要求 4.0,推荐使用 Redis 6.0
PostgreSQL 13 GitLab 13.0 最低要求 pgsql 12,14.0 最低要求 pgsql 13
Git 2.33.x
Nginx

另外需要注意,GitLab 支持的 pgsql 扩展主要有三个,在不同版本有所支持

  • pg_trgm 最低要求 GitLab 版本为 8.6
  • plpgsql 最低要求 GitLab 版本为 11.7
  • btree_gist 最低要求 GitLab 版本为 13.1

安装相关依赖,建立数据库,将 Redis 设置为 Unix Domain Socket (UDS) 连接

  • 定义变量

    1
    2
    3
    4
    5
    
    set gitlab_version 14-10-stable
    set gitlab_path /home/git/gitlab
    set gitaly_path /home/git/gitaly
    set gitlab_host example.com
    set gitlab_db_passwd YourPassword
    
  • 安装相关依赖

    1
    2
    3
    4
    5
    6
    
    # install dependencies
    sudo apt install -y \
        build-essential zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libre2-dev \
        libreadline-dev libncurses5-dev libffi-dev curl openssh-server libxml2-dev \
        libxslt1-dev libcurl4-openssl-dev libicu-dev logrotate rsync python3-docutils \
        pkg-config cmake runit-systemd libkrb5-dev graphicsmagick libimage-exiftool-perl
    
  • 安装 Git

    1
    2
    3
    4
    5
    6
    7
    8
    9
    
    # install git
    sudo apt install -y \
        libcurl4-openssl-dev libexpat1-dev gettext libz-dev \
        libssl-dev libpcre2-dev build-essential git-core
    git clone https://gitlab.com/gitlab-org/gitaly.git -b $gitlab_version /tmp/gitaly
    cd /tmp/gitaly
    sudo make git GIT_PREFIX=/usr/local
    sudo apt remove -y git-core
    sudo apt autoremove
    

    需要注意,这种方法安装的 Git 需要修改配置文件 config/gitlab.yml 中的 git 路径

    1
    2
    
    git:
      bin_path: /usr/local/bin/git
    
  • 安装 Ruby

    1
    2
    3
    4
    5
    6
    7
    
    mkdir /tmp/ruby && cd /tmp/ruby
    curl --remote-name --location --progress-bar "https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.4.tar.gz"
    echo '3043099089608859fc8cce7f9fdccaa1f53a462457e3838ec3b25a7d609fbc5b ruby-2.7.4.tar.gz' | sha256sum -c - && tar xzf ruby-2.7.4.tar.gz
    cd ruby-2.7.4
    ./configure --disable-install-rdoc --enable-shared
    make
    sudo make install
    
  • 安装 GoLang

    1
    2
    3
    4
    5
    6
    
    sudo rm -rf /usr/local/go
    curl --remote-name --location --progress-bar "https://go.dev/dl/go1.16.10.linux-amd64.tar.gz"
    echo '414cd18ce1d193769b9e97d2401ad718755ab47816e13b2a1cde203d263b55cf  go1.16.10.linux-amd64.tar.gz' | shasum -a256 -c - && \
      sudo tar -C /usr/local -xzf go1.16.10.linux-amd64.tar.gz
    sudo ln -sf /usr/local/go/bin/{go,gofmt} /usr/local/bin/
    rm go1.16.10.linux-amd64.tar.gz
    
  • 安装 Node

    1
    2
    3
    4
    
    # install node v16.x
    curl --location "https://deb.nodesource.com/setup_16.x" | sudo bash -
    sudo apt-get install -y nodejs
    npm install --global yarn
    
  • 安装并配置数据库

    1
    2
    3
    4
    5
    6
    
    sudo useradd git --create-home --shell /sbin/nologin
    sudo apt install -y postgresql postgresql-client libpq-dev postgresql-contrib
    sudo -u postgres psql -d template1 -c "CREATE USER git WITH PASSWORD '$gitlab_db_passwd' CREATEDB;"
    sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
    sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS btree_gist";
    sudo -u postgres psql -d template1 -c "CREATE DATABASE gitlabhq_production OWNER git;"
    

    检查 pg_trgm 扩展是否启用

    1
    2
    3
    4
    
    SELECT true AS enabled
    FROM pg_available_extensions
    WHERE name = 'pg_trgm'
    AND installed_version IS NOT NULL;
    

    检查 btree_gist 扩展是否启用

    1
    2
    3
    4
    
    SELECT true AS enabled
    FROM pg_available_extensions
    WHERE name = 'btree_gist'
    AND installed_version IS NOT NULL;
    
  • 安装并配置 Redis

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    
    sudo apt install redis-server
    sudo cp /etc/redis/redis.conf /etc/redis/redis.conf.orig
    sudo sed 's/^port .*/port 0/' /etc/redis/redis.conf.orig | sudo tee /etc/redis/redis.conf
    echo 'unixsocket /var/run/redis/redis.sock' | sudo tee -a /etc/redis/redis.conf
    echo 'unixsocketperm 770' | sudo tee -a /etc/redis/redis.conf
    sudo mkdir -p /var/run/redis
    sudo chown redis:redis /var/run/redis
    sudo chmod 755 /var/run/redis
    if test -d /etc/tmpfiles.d
      echo 'd  /var/run/redis  0755  redis  redis  10d  -' | sudo tee -a /etc/tmpfiles.d/redis.conf
    end
    sudo systemctl restart redis
    sudo usermod -aG redis git
    
  • 克隆 GitLab 并配置相关文件

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    
    # clone gitlab src
    cd ~git
    sudo -u git -H -E git clone https://gitlab.com/gitlab-org/gitlab-foss.git -b $gitlab_version gitlab
    cd $gitlab_path
    # config gitlab.yml
    sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
    sudo -u git -H editor config/gitlab.yml
    # config permissions
    sudo -u git -H cp config/secrets.yml.example config/secrets.yml
    sudo -u git -H chmod 0600 config/secrets.yml
    sudo chown -R git log/
    sudo chown -R git tmp/
    sudo chmod -R u+rwX,go-w log/
    sudo chmod -R u+rwX tmp/
    sudo chmod -R u+rwX tmp/pids/
    sudo chmod -R u+rwX tmp/sockets/
    sudo -u git -H mkdir -p public/uploads/
    sudo chmod 0700 public/uploads
    sudo chmod -R u+rwX builds/
    sudo chmod -R u+rwX shared/artifacts/
    sudo chmod -R ug+rwX shared/pages/
    # config puma
    sudo -u git -H cp config/puma.rb.example config/puma.rb
    sudo -u git -H editor config/puma.rb
    # config git
    sudo -u git -H git config --global core.autocrlf input
    sudo -u git -H git config --global gc.auto 0
    sudo -u git -H git config --global repack.writeBitmaps true
    sudo -u git -H git config --global receive.advertisePushOptions true
    sudo -u git -H git config --global core.fsyncObjectFiles true
    # config Redis
    sudo -u git -H cp config/resque.yml.example config/resque.yml
    sudo -u git -H cp config/cable.yml.example config/cable.yml
    sudo -u git -H editor config/resque.yml config/cable.yml
    # config database
    sudo -u git cp config/database.yml.postgresql config/database.yml
    sudo -u git -H editor config/database.yml
    sudo -u git -H chmod o-rwx config/database.yml
    
  • 安装 GitLab 相关程序

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    
    # install gems
    sudo -u git -H bundle config set --local deployment 'true'
    sudo -u git -H bundle config set --local without 'development test mysql aws kerberos'
    sudo -u git -H -E bundle install
    # install gitlab-shell
    sudo -u git -H -E bundle exec rake gitlab🐚install RAILS_ENV=production
    sudo -u git -H editor ~git/gitlab-shell/config.yml
    # install gitlab-workhorse
    sudo -u git -H -E bundle exec rake "gitlab:workhorse:install[/home/git/gitlab-workhorse]" RAILS_ENV=production
    # install gitaly
    cd /home/git/gitlab
    sudo -u git -H -E bundle exec rake \
        "gitlab:gitaly:install[/home/git/gitaly,/home/git/repositories]" RAILS_ENV=production
    sudo chmod 0700 $gitlab_path/tmp/sockets/private
    sudo chown git $gitlab_path/tmp/sockets/private
    sudo -u git -H editor $gitaly_path/config.toml
    # install service
    sudo mkdir -p /usr/local/lib/systemd/system
    sudo cp lib/support/systemd/* /usr/local/lib/systemd/system/
    sudo systemctl daemon-reload
    sudo systemctl enable gitlab.target
    # setup logrotate
    sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
    

    如果主机上还有 PostgreSQL 以及 Redis,可以在 gitlab-*.service 文件 Unit 单元的 WantsAfter 两个字段追加下面两个服务

    1
    2
    3
    
    [Unit]
    Wants=redis-server.service postgresql.service
    After=redis-server.service postgresql.service
    
  • 启动相关项目

    1
    2
    3
    4
    
    # start gitaly
    sudo systemctl start gitlab-gitaly.service
    # init database and activate advanced features
    sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production force=yes
    
  • 检测应用状态

    1
    
    sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
    
  • 编译前端文件

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    
    # GetText PO files
    sudo -u git -H bundle exec rake gettext:compile RAILS_ENV=production
    # Assets
    sudo -u git -H yarn install --production --pure-lockfile
    sudo -u git -H bundle exec rake gitlab:assets:compile \
        RAILS_ENV=production NODE_ENV=production \
        NODE_OPTIONS="--max_old_space_size=8192"
    if test 0 -ne $status
        echo "\033[31m compile assets error. desc '--max_old_space_size' \033[0m"
        exit 64
    end
    
  • 设置 Nginx

    1
    2
    3
    4
    5
    6
    7
    8
    
    sudo cp lib/support/nginx/gitlab-ssl /etc/nginx/sites-available/gitlab
    sudo ln -sf /etc/nginx/sites-available/gitlab /etc/nginx/sites-enabled/gitlab
    sudo editor /etc/nginx/sites-available/gitlab
    sudo nginx -t
    if test 0 -ne $status
        echo "nginx config error. editor /etc/nginx/sites-available/gitlab"
        exit 64
    end
    
  • 二次检查程序状态

    1
    2
    
    sudo systemctl restart nginx.service gitlab.target
    sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
    

Gitlab基本配置完成,登录网站设置默认管理员密码即可登录,默认管理员帐号为 root

之后每次更新与安装类似,因此可以写一个小脚本

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
function check_and_print_command_status
    if test 0 -eq $argv[1]
        echo "$argv[2]: "(set_color green)"consistency"(set_color normal)
    else
        echo "$argv[2]: "(set_color red)"difference"(set_color normal)
    end
end

function get_next_branch
    cd $gitlab_path
    sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
    systemctl stop gitlab.target
    sudo -u git -H -E git fetch --all --prune
    sudo -u git -H git checkout -- Gemfile.lock db/structure.sql locale
    sudo -u git -H git checkout $next_branch
end

function check_configuration_files
    cd $gitlab_path
    set files \
        "config/gitlab.yml.example" "lib/support/nginx/gitlab-ssl" \
        "lib/support/systemd/gitlab-gitaly.service" "lib/support/systemd/gitlab-pages.service" \
        "lib/support/systemd/gitlab-sidekiq.service" "lib/support/systemd/gitlab-mailroom.service" \
        "lib/support/systemd/gitlab-puma.service" "lib/support/systemd/gitlab-workhorse.service" \
        "lib/support/systemd/gitlab.target" "lib/support/systemd/gitlab.slice"
    for f in $files
        git diff --exit-code origin/$curr_branch:$f origin/$next_branch:$f
        check_and_print_command_status $status "$f"
    end
end

function install_and_migration
    cd $gitlab_path
    # If you haven't done so during installation or a previous upgrade already
    sudo -u git -H bundle config set --local deployment 'true'
    sudo -u git -H bundle config set --local without 'development test mysql aws kerberos'
    # Update gems
    sudo -u git -H -E bundle install
    # Optional: clean up old gems
    sudo -u git -H bundle clean
    # Run database migrations
    sudo -u git -H bundle exec rake db:migrate RAILS_ENV=production
    # Compile GetText PO files
    sudo -u git -H bundle exec rake gettext:compile RAILS_ENV=production
    # Update node dependencies and recompile assets
    sudo -u git -H -E bundle exec rake yarn:install gitlab:assets:clean gitlab:assets:compile RAILS_ENV=production NODE_ENV=production NODE_OPTIONS="--max_old_space_size=6144"
    # Clean up cache
    sudo -u git -H bundle exec rake cache:clear RAILS_ENV=production
end

function upgrade_shell
    cd $shell_path
    sudo -u git -H git fetch --all --tags --prune
    sudo -u git -H git checkout v(cat $gitlab_path/GITLAB_SHELL_VERSION)
    sudo -u git -H make build
end

function upgrade_workhorse
    cd $gitlab_path
    sudo -u git -H bundle exec rake "gitlab:workhorse:install[$work_path]" RAILS_ENV=production
end

function upgrade_gitaly
    cd $gitlab_path
    sudo -u git -H bundle exec rake "gitlab:gitaly:install[$gitaly_path,$repos_path]" RAILS_ENV=production
end

function check_status
    cd $gitlab_path
    sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
    sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
end

set -g base_path    /home/git
set -g gitlab_path  $base_path/gitlab
set -g gitaly_path  $base_path/gitaly
set -g shell_path   $base_path/gitlab-shell
set -g work_path    $base_path/gitlab-workhorse
set -g repos_path   $base_path/repositories
set -g curr_branch  (git --git-dir=$gitlab_path/.git symbolic-ref --short -q HEAD)
set -g next_branch  "15-0-stable"

argparse 'c/check' 'u/update' -- $argv

if set --query _flag_update
    get_next_branch
    install_and_migration
    upgrade_shell
    upgrade_workhorse
    upgrade_gitaly
end

if set --query _flag_check
    check_configuration_files
    check_status
    exit 0
end

接下来安装 Gitlab Runner 最新版,使 CI/CD 可用

1
2
3
cd /tmp
curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash
sudo -E apt install docker docker-compose gitlab-runner

Gitlab Runner 提供了几种模式,分别是

  • shell
  • docker
  • docker-ssh
  • ssh
  • parallels
  • virtualbox
  • docker+machine
  • docker-ssh+machine
  • kubernetes

virtualbox、parallels、docker-ssh 都是使用 SSH 的方式连接到镜像。而通常采用 docker 执行器就可以轻量化的实现各种环境的构建;如果你需要执行 CI 任务时多时少则可以选用 docker+machine;shell 就很暴力了,直接在主机上执行,但是需要自行搭建环境,这不如 container 来的灵活自在。

在管理员面板的 Overview > Runners 中获取到注册 runner 要用的 token。注册 docker 执行器的 runner

1
sudo gitlab-runner register --executor docker --docker-image alpine:latest

或许以后会改为 k8s 搭建 runner。先将 docker build 映射到 /tmp,只需要修改配置文件中的 volumes 为

1
volumes = ["/cache", "/tmp:/builds:rw"]

如果对 GitLab Runner 的配置感兴趣,可以参考官方文档

我们的GitLab使用的是源码安装,需要修改 config/gitlab.yml 开启 emil

1
2
3
4
5
6
7
gitlab_email_from="noreply@example.com"
gitlab_email_reply="noreply@example.com"
cd /home/git/gitlab
sed -i "s/email_enabled:.*/email_enabled: true/" config/gitlab.yml
sed -ie "s/email_from:.*/email_from: ${gitlab_email_from}" config/gitlab.yml
sed -ie "s/email_reply_to:.*/email_reply_to: ${gitlab_email_reply}" config/gitlab.yml
cp config/initializers/smtp_settings.rb.sample config/initializers/smtp_settings.rb

将email启用后,还需要配置smtp,可以参考 官方教程,修改配置文件 config/initializers/smtp_settings.rb,将 ActionMailer::Base.smtp_settings 修改为以下内容

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
enable: true,
address: "mail.example.com",
port: 465,
user_name: "noreply@example.com",
password: "YourPassword",
domain: "mail.example.com",
authentication: :login,
enable_starttls_auto: true,
tls: true,
openssl_verify_mode: 'none'

开启对邮件的 S/MIME 签名服务,将你的S/MIME私钥保存到 $gitlab_path/.gitlab_smime_key,公钥保存到 $gitlab_path/.gitlab_smime_cert

1
sed -i "103s/# enabled:.*/enabled: true/" config/gitlab.yml

配置完成后重启服务即可,如果需要验证SMTP是否工作,可以使用以下命令

1
2
echo "Notify.test_email('$gitlab_email_reply', 'Message Subject', 'Message Body').deliver_now" | \
sudo -u git -H bundle exec rails console -e production

Lychee 现在是由 LycheeOrg 维护的开源项目,旨在实现一个简单易用的照片管理系统,我们搭建服务将使用 4.x 版本作为示例

Lychee 是目前为数不多的支持 PostgreSQL 的图床

1
2
3
4
5
6
set lychee_path /path/to/lychee
set lychee_version v4.0.8
set lychee_host example.com
set lychee_db_user lychee
set lychee_db_passwd YourPassword
set lychee_db_name lychee

由于 Lychee 同样也是 PHP 开发的服务,所以已经安装 Nextcloud 的情况下,并不需要再安装 PHP 相关的其他 package (当然除了 PHP 的依赖管理器 composer)

PHP >= 7.4,依赖的扩展 (可以使用命令 php -m 查看已安装的扩展)

  • BCMath
  • Ctype
  • Exif
  • Ffmpeg (optional — to generate video thumbnails)
  • Fileinfo
  • GD
  • Imagick (optional — to generate better thumbnails)
  • JSON
  • Mbstring
  • OpenSSL
  • PDO
  • Tokenizer
  • XML
  • ZIP

我们先创建数据库用户,Lychee 支持 MySQL (> 5.7.8) / MariaDB (> 10.2) / PostgreSQL (> 9.2),我们继续使用 PostgreSQL 就好

1
2
3
sudo useradd $lychee_db_user --create-home --shell /sbin/nologin
sudo -u postgres -H psql -c "CREATE USER $lychee_db_user WITH PASSWORD '$lychee_db_passwd'"
sudo -u postgres -H psql -c "CREATE DATABASE $lychee_db_name OWNER $lychee_db_user"

我们将安装 v4.0.8,更多详细版本信息请浏览 更新日志

1
2
3
4
git clone https://www.github.com/LycheeOrg/Lychee -b $lychee_version $lychee_path
cd $lychee_path
composer install --no-dev
chown -R www-data:www-data $lychee_path

关于 Web 服务器的配置官方已经给出了 NginxApache 的相关配置

Lychee 相关的环境配置在 .env

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
bash -c "cat <<- EOF > $lychee_path/.env
APP_NAME=Lychee
APP_ENV=production
APP_DEBUG=false
APP_URL=http://$lychee_host
APP_KEY=

DEBUGBAR_ENABLED=false
LOG_CHANNEL=stack

DB_CONNECTION=pgsql
DB_HOST=localhost
DB_PORT=5432
DB_DATABASE=$lychee_db_name
DB_USERNAME=$lychee_db_user
DB_PASSWORD=$lychee_db_passwd
DB_LOG_SQL=false

TIMEZONE=Asia/Shanghai

BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
SESSION_LIFETIME=120
QUEUE_DRIVER=sync

REDIS_HOST=/var/run/redis/redis.sock
REDIS_PASSWORD=null
REDIS_PORT=0

MAIL_DRIVER=smtp
MAIL_HOST=
MAIL_PORT=
MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_ENCRYPTION=

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY=\"\${PUSHER_APP_KEY}\"
MIX_PUSHER_APP_CLUSTER=\"\${PUSHER_APP_CLUSTER}\"
EOF"
chown www-data:www-data $lychee_path/.env
sudo -u www-data php artisan key:generate

最后只需要配置 Nginx 相关内容即可